[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sponsorship requirements and copyright files

Florian Weimer <fw@deneb.enyo.de> writes:

> The file NOTICE contains this hint:
> | This product includes software developed at
> | The Apache Software Foundation (http://www.apache.org/).
> I'm wondering if this should be reflected in the copyright file (and
> if the NOTICE file should be installed in the binary package, in case
> the binary package ends up on different media than the sources).

For packages that are covered by the Apache 2.0 license, I always install
the NOTICE file in every generated binary package.  I believe this is
required by the Apache 2.0 license:

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

I could see an argument that putting the contents of NOTICE into
debian/copyright satisfies the second possibility -- "within the ...
documentation, if provided along with the Derivative works" -- but I think
just installing the NOTICE file is more obviously safe.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: